Daily NCSC-FI news followup 2021-07-07

Out-of-Band (OOB) Security Update available for CVE-2021-34527

msrc-blog.microsoft.com/2021/07/06/out-of-band-oob-security-update-available-for-cve-2021-34527/ Today Microsoft released an Out-of-Band (OOB) security update for CVE-2021-34527, which is being discussed externally as PrintNightmare. This is a cumulative update release, so it contains all previous security fixes and should be applied immediately to fully protect your systems. Also: https://us-cert.cisa.gov/ncas/current-activity/2021/07/06/microsoft-releases-out-band-security-updates-printnightmare. Also:

msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527. Also:

www.darkreading.com/endpoint/microsoft-releases-emergency-patch-for-printnightmare-flaw. Also:

www.bleepingcomputer.com/news/security/microsoft-pushes-emergency-update-for-windows-printnightmare-zero-day/. Also:

thehackernews.com/2021/07/microsoft-issues-emergency-patch-for.html. Also: isc.sans.edu/diary/rss/27610

Fake Kaseya VSA Security Update Drops Cobalt Strike

threatpost.com/fake-kaseya-vsa-update-cobalt-strike/167587/ A malware spam campaign is milking the Kaseya ransomware attacks against its Virtual System/Server Administrator (VSA) platform to spread a link pretending to be a Microsoft security update, along with an executable file that’s dropping Cobalt Strike, researchers warn. Also:

www.bleepingcomputer.com/news/security/fake-kaseya-vsa-security-update-backdoors-networks-with-cobalt-strike

Kaseya VSA Limited Disclosure

csirt.divd.nl/2021/07/07/Kaseya-Limited-Disclosure/ Last weekend we found ourselves in the middle of a storm. A storm created by the ransomware attacks executed via Kaseya VSA, using a vulnerability which we confidentially disclosed to Kaseya, together with six other vulnerabilities. Also:

csirt.divd.nl/cases/DIVD-2021-00011/

Researchers Learn From Nation-State Attackers’ OpSec Mistakes

beta.darkreading.com/threat-intelligence/researchers-learn-from-nation-state-attackers-opsec-mistakes? Security researchers discuss how a series of simple and consistent mistakes helped them learn more about ITG18, better known as Charming Kitten. When security intelligence teams talk about human error, the conversation typically focuses on the victim of a cyberattack. What might they learn if they analyzed attackers’ mistakes instead?

EU Passes Emergency Law Allowing Tech Companies To Screen Messages For Child Abuse

www.forbes.com/sites/emmawoollacott/2021/07/07/eu-passes-emergency-law-allowing-tech-companies-to-screen-messages-for-child-abuse/ The European Parliament has approved emergency measures allowing internet companies to scan users’ private messages for material containing child sex abuse.

Tens of thousands scammed using fake Android cryptomining apps

www.bleepingcomputer.com/news/security/tens-of-thousands-scammed-using-fake-android-cryptomining-apps/ Scammers tricked at least 93,000 people into buying fake Android cryptocurrency mining applications, as revealed by researchers from California-based cybersecurity firm Lookout. Also:

blog.lookout.com/lookout-unearths-android-crypto-mining-scams

US warns of action against ransomware gangs if Russia refuses

www.bleepingcomputer.com/news/security/us-warns-of-action-against-ransomware-gangs-if-russia-refuses/ White House Press Secretary Jen Psaki says that the US will take action against cybercriminal groups from Russia if the Russian government refuses to do so. Also:

www.zdnet.com/article/ransomware-us-warns-russia-to-take-action-after-latest-attacks

WildPressure APT Emerges With New Malware Targeting Windows and macOS

thehackernews.com/2021/07/wildpressure-apt-emerges-with-new.html A malicious campaign that has set its sights on industrial-related entities in the Middle East since 2019 has resurfaced with an upgraded malware toolset to strike both Windows and macOS operating systems, symbolizing an expansion in both its targets and its strategy around distributing threats. Also:

threatpost.com/macos-wildpressure-apt/167606/. Also:

securelist.com/wildpressure-targets-macos/103072/

Dozens of Vulnerable NuGet Packages Allow Attackers to Target .NET Platform

thehackernews.com/2021/07/dozens-of-vulnerable-nuget-packages.html An analysis of off-the-shelf packages hosted on the NuGet repository has revealed 51 unique software components to be vulnerable to actively exploited, high-severity vulnerabilities, once again underscoring the threat posed by third-party dependencies to the software development process.

ProtonMail, DuckDuckGo, others ask EU & US regulators to ban surveillance-based advertising

therecord.media/protonmail-duckduckgo-others-ask-eu-us-regulators-to-ban-surveillance-based-advertising/ A group of privacy-first tech companies, including the likes of ProtonMail, DuckDuckGo, Vivaldi, Tutanota, and Startpage, have published an open letter today asking EU and US regulators to take action and ban surveillance-based advertising.

Why I Love (Breaking Into) Your Security Appliances

threatpost.com/breaking-into-security-appliances/167584/ David “moose” Wolpoff, CTO at Randori, discusses security appliances and VPNs and how attackers only have to “pick one lock” to invade an enterprise through them.

Bitcoin power plant is turning a 12,000-year-old glacial lake into a hot tub

arstechnica.com/tech-policy/2021/07/bitcoin-power-plant-is-turning-a-12000-year-old-glacial-lake-into-a-hot-tub/ The fossil fuel power plant that a private equity firm revived to mine bitcoin is at it again. Not content to just pollute the atmosphere in pursuit of a volatile crypto asset with little real-world utility, this experiment in free marketeering is also dumping tens of millions of gallons of hot water into glacial Seneca Lake in upstate New York.

SideCopy cybercriminals use new custom Trojans in attacks against India’s military

www.zdnet.com/article/sidecopy-cybercriminals-use-custom-trojans-in-india-attacks On Wednesday, researchers from Cisco Talos said a recent surge in activity “signals a boost” in the APT’s development of techniques, tactics, and tools, with multiple, new remote access trojans (RATs) and plugins now in play.

Email fatigue among users opens doors for cybercriminals

www.bleepingcomputer.com/news/security/email-fatigue-among-users-opens-doors-for-cybercriminals/ Given the mass migration to remote work, more critical business data is being shared by email than ever before. Users can now receive hundreds of emails a day, and sifting through them is time-consuming and exhausting.
